Sophos’ Secure by Design 2025 Progress

Tenable has disabled two Nessus scanner agent versions after a differential plugin update caused the agents to go offline. The post Tenable Disables Nessus Agents Over Faulty Updates appeared first on SecurityWeek.

The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new “lightweight” malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming…

New York identity management startup raises $36 million in an unusually large seed round co-led by Team8 and Intel Capital. The post Orchid Security Banks Hefty $36M Seed Round  appeared first on SecurityWeek.

As higher education institutions come under fire from threat actors, 24/7 vigilance is key

Microsoft has said that it’s ending support for passwords in its Authenticator app starting August 1, 2025. The changes, the company said, are part of its efforts to streamline autofill in the two-factor authentication (2FA) app. “Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer…